Allowlisting file extensions

The file extension allowlist is an optional layer of security in AX Server that restricts the types of files that can be uploaded to the Related Files subfolder.

Note

The file extension allowlist is enabled by default in new installations of AX Server version 5.3 and later. If you upgrade from a version earlier than 5.3, the allowlist is disabled by default.

How it works

The file extension allowlist specifies a comma-delimited list of file extensions that are permitted. If a user attempts to upload a file type not specified in the allowlist, the upload fails.

Caution

Only the file extension, not the file format, is checked when determining whether the file is included in the allowlist. A file with an allowlisted extension but different format can be uploaded. For example, if .xls is included in the allowlist and .exe is not included, an executable file called example.exe could be renamed example.xls and successfully uploaded.

There are a number of file extensions allowlisted by default, and some extensions that are permanently allowed regardless of allowlist settings:

For a list of the default allowlisted file extensions, see Default allowlisted file extensions
For a list of permanently allowed file extensions, see Permanently allowed file extensions

Example

Your file extension allowlist only contains .txt. Consequently, users can upload any file with a .txt extension, such as sample.txt. When users attempt to upload files with other extensions, such as .pdf, the upload fails.

Configure the file extension allowlist

Use the Server panel of the AX Server Configuration web application to configure the file extension allowlist:

To enable or disable the allowlist, below Enable whitelist, select one of the following:
- Yes
- No
Optional. To edit the allowlisted file extensions, in the File extension whitelist field, add or remove file extensions.
File extensions that include one or more of the following characters are invalid and cannot be added to the allowlist: \ / ? : * " > < |.
Note
The allowlist must be enabled to edit the list of file extensions and you must enter extensions in comma-delimited format.
Click Update Server Settings.

Default allowlisted file extensions

Note

Excel files (.xls, .xlsx) can always be uploaded using Add-In for Excel regardless of whether the extensions are included in the allowlist.

File name extension	File type
.accdb, .accde, .accdr, .accdt	Microsoft Access file
.aclscript	ACLScript file
.csv	Comma separated values file
.dap	ACCPAC file
.dat	Data file
.dbf	dBASE database file
.dbp	Database profile
.del	Delimited ASCII file
.dfe	ACCPAC file
.doc, .docb, .docm, .docx, .dot, .dotm, .dotx	Microsoft Word file
.dsn	Database source name file
.eap	ACCPAC file
.inx	Analytics index file
.json	JSON (JavaScript Object Notation) file
.mdb	Microsoft Access
.model	Analytics predictive model file
.pdf	PDF (portable document format) file
.pot, .potm, .potx, .ppam, pps, .ppsm, .ppsx, .ppt, .pptm, .pptx	Microsoft PowerPoint file
.prf	Microsoft Outlook file
.ps1	PowerShell script file
.rec
.rpt	Crystal Reports report or output file
.sldm, .sldx	Microsoft PowerPoint file
.txt	Plain text file
.vbs	VBScript file
.xbrl	XBRL (extensible business reporting language) file
.xla, .xlam, .xll, .xlm, .xls, .xlsb, .xslm, .xlsx, xlt, .xltm, .xltx, xlw	Microsoft Excel file
.xml	XML (extensible markup language) file
.zip	Compressed file

Permanently allowed file extensions

The file types listed in the following table can be uploaded or imported by users with “Full permissions” on a collection or folder regardless of whether they are included in the allowlist. These file types are required to ensure functionality in various AX Server and Analytics features.

File name extension	File type
.acl	Analytics project file
.aclapp	Packaged analysis app file
.aclx	Analysis app file
.fmt	Default table layout file in Analytics prior to version 11
.layout	Table layout file in Analytics version 11 and later
.wsp	Analytics workspace file